Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

HankDorsett

66 Posts

3793

February 4th, 2010 12:00

SMC Security

I'm new to SMC and I need some help securing it. I would like to use my domain account to login to the console. The domain login is working. The problem is, it works for every domain account, even accounts that do not have access to login to the server. How can I secure it and only allow select domain users.  

Thanks,

Hank

Joe_Ab

227 Posts

February 4th, 2010 16:00

There are many approaches to secure your environmet.

what you asked for was answered by Allen, you are looking for a way to prevent users to access SMC.

Go to tasks --> permessions --> security --> Add then selecet your sid username & the roles for your case it will be an administrator to provide full permission.

Now if you tried to open it again with SMC you should not get any mannaged array ..

You cant prevent users to run the application it self by SMC , what i suggest to control the security of SMC installation folder , if you remove the authenticated and everyone users, no one will have the permession to run the application... its windows issue and out of SMC and EMC

This is a host level security, if you are looking for symmetrix level, it was mentioned by dynamox, you can use symauth to restric managment for arrays, set roles and permession for users on symmetrix level it maybe domain or local user.

and finally the you can define an Access control list, anyone may have access to execute commands To prevent this we use symacl to set up and restrict "host" access to defined sets of devices as pools each to a server and then you can restric what symcli commands they can run ...simply its perfect but maybe complicated.

regards

yousef

dynamox

1 Rookie

 • 

20.4K Posts

February 4th, 2010 12:00

Allen ..are you talking about symauth ?

This e-mail message (including any attachments) is for the sole use of

the intended recipient(s) and may contain confidential and privileged

information. If the reader of this message is not the intended

recipient, you are hereby notified that any dissemination, distribution

or copying of this message (including any attachments) is strictly

prohibited.

If you have received this message in error, please contact

the sender by reply e-mail message and destroy all copies of the

original message (including attachments).

AranH1

2.2K Posts

February 4th, 2010 12:00

When I setup SMC I did not configure LDAP for login. I just added domain user accounts and assigned permissions for those users that I wanted to enable access to SMC. If the domain user account has local rights (in the local Administrators group) on the server running SMC, they will be able to login to SMC. Any othe domain user account will not be able to.

HankDorsett

66 Posts

February 4th, 2010 12:00

I found the area to authorize users for SYMMs. I would like to prevent domain users from being able to start the console even if they can't do anything with it. 

Allen Ward

2.1K Posts

February 4th, 2010 12:00

Hank, the security setup isn't for login to SMC itself, but for management of the Symm(s) once you are in. I don't have it right in front of me, but you need to set up permissions for specific account to manage the Symm. Once this is done, anyone logging in with a non-privileged account will (or at least used to) get an alert telling them they are not authorized to manage any of the Symms. If you log in with an account that is set up you will be able to proceed normally.

We have this set using domain accounts. The initial setup was done using the default SMC login account, then after I set my account up I logged back in and removed rights for the default account to manage the Symms.

If you can't find the exact dialog and options, reply back and I'll try to get more detailed instructions for you. I'm just about on my way out today and wanted to at least point you in the right direction before leaving.

Allen Ward

2.1K Posts

February 4th, 2010 12:00

Not sure what the CLI equivalent would be dynamox. I set it all up through SMC when we first deployed it. I'll try to take a closer look tomorrow when I'm back in the office. Right now I'm on the way out the door. This time for real :-)

My massage therapist is waiting to beat the kinks out of me from the last month. It's been way too long!

Allen Ward

2.1K Posts

February 4th, 2010 12:00

So you didn't set up any permissions for the arrays themselves, Aran?

HankDorsett

66 Posts

February 4th, 2010 13:00

Aaran,

I have a few users and group profiles in the local admin group but it still allows all users to open the console. Can you have someone that isn't authorized to see if they can login?

AranH1

2.2K Posts

February 4th, 2010 14:00

@Allen

No I did not setup Symmetrix Authorization. When you add the user you select which Symm array to associate the user account with. We only have one Sym so this is simple for us. Not sure what the process is when managing multiple Symms.

@Hank

I have tested this with domain accounts that do not have rights to the server. They get the alert that Allen mentioned, stating that they are not authorized to manage any arrays.

HankDorsett

66 Posts

February 5th, 2010 09:00

Thanks, that's what I was looking for but not the answer I wanted.

RajaBalan

1 Message

April 12th, 2010 13:00

Allen,

 

Can you send me this doc tor 

 

 

Please

 

Raj

View More

View All

No Events found!

Top